Arch on a server: how to keep it stable, secure and updated?

Hello!

I have been using Arch on my laptop for the past year and now that I finally have got my own server at home, I cannot decide whether use Debian or Arch to run it.

I am web developer and host about 20 websites I have made, two of which are critical to be available. (These are not mine, I developed them for my customers and I host them, too.) I only get home at weekends. The current server runs Windows 2008 R2. I have a dedicated server room at home with quite solid network and power infrastructure.

I would like to run ssh, apache/nginx, php, mysql. Furthermore, I would like to get a mail server up and running on this machine, as well as a few (~5) virtual machines for various purposes.

I have no experience with Debian at all. I've been using it for a few weeks and did not really like it; when I turned away from Windows, I've been looking for simplicity, clarity and sanity - that's why I use Arch. I had a minor crash (I did not read an important announcement at archlinux.org), but managed to fix in few hours.

I am not sure I have enough experience with Arch, or any other Linux distribution, though, to be absolutely sure to keep the server available at all times, without being afraid to update often.

I would like to ask more experienced users, those who use a Debian installation at a production server, what are the upsides and downsides of using Arch as compared to Debian. This had been discussed many times. Rather than general responses like "Arch is rolling release, you have to update more often, presumably breaking your system if you are not careful enough", I would like to hear what procedures need to be performed regularly and how often (the most important things) to keep the server stable, secure and updated.

For example, if new version of PHP comes out, should I worry about updating it immediately? (Is the stable branch really "stable" enough for production use?)

If there is a security issue with the new package, how long does it (usually) take for such a prominent package to have a fix available?

By the way, I would like to use Arch because in my experience, it can be tuned to reduce power consumption easily. I will run HP ProLiant DL360 g4 and would like to reduce my electricity bill.

Re: Arch on a server: how to keep it stable, secure and updated?

If you need critical systems to be online, and are not that familiar with Arch, do not use Arch.

That is different. I need them to be online to have an ordinary, happy life without customers complaining about not having their website running properly.

I can imagine updating Debian, though much less often, can cause severe problems, too. The question is, is the risk of updating a bit every week (remotely) comparable to performing one huge update every few months?